From 9828429bea09375d9701335b989eb01a48f1333f Mon Sep 17 00:00:00 2001
From: Niklas
Date: Wed, 30 Dec 2020 21:59:33 +0100
Subject: [PATCH] added DNS over TLS

---
 config.yml |  6 ++++++
 coolDns.go | 22 ++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/config.yml b/config.yml
index 4603328..8ffa469 100644
--- a/config.yml
+++ b/config.yml
@@ -22,6 +22,12 @@ forward:
   address: 0.0.0.0:8053
 
+tls:
+  enable: true
+  address: 0.0.0.0:8853
+  cert: cert.crt
+  key: private.key
+
 blacklist:
   - url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
     format: host
diff --git a/coolDns.go b/coolDns.go
index 80ccc6d..a9e47d8 100644
--- a/coolDns.go
+++ b/coolDns.go
@@ -29,6 +29,7 @@ type config struct {
 	Forward configForward `yaml:"forward"`
 	Address string `yaml:"address"`
 	Blacklist []configBlacklist `yaml:"blacklist"`
+	TLS configTLS `yaml:"tls"`
 }
 
 type configForward struct {
@@ -52,6 +53,13 @@ type configBlacklist struct {
 	Format string `yaml:"format"`
 }
 
+type configTLS struct {
+	Enable bool `yaml:"enable"`
+	Address string `yaml:"address"`
+	Cert string `yaml:"cert"`
+	Key string `yaml:"key"`
+}
+
 var anyRecordTypes = []uint16{
 	dns.TypeSOA,
 	dns.TypeA,
@@ -236,6 +244,14 @@ func listenAndServer(server *dns.ServeMux, address string) {
 	}()
 }
 
+func listenAndServerTLS(server *dns.ServeMux, address, cert, key string) {
+	go func() {
+		if err := dns.ListenAndServeTLS(address, cert, key, server); err != nil {
+			log.Fatalf("Failed to set DoT listener %s", err.Error())
+		}
+	}()
+}
+
 func checkACL(alcRules []string, aclList map[string]*net.IPNet, ip net.IP) bool {
 	if len(alcRules) != 0 {
 		passed := false
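Review bot: In the `listenAndServerTLS` hunk (`@@ -236,6 +244,14 @@`) the new DoT listener hands the whole TLS configuration to `dns.ListenAndServeTLS`, so the minimum protocol version and cipher suites are whatever the library and Go runtime default to, and a missing or unreadable `cert`/`key` path is only discovered inside the goroutine via `log.Fatalf`. Loading the key pair up front and building a `dns.Server` with an explicit `TLSConfig` pins TLS 1.2 as the floor (`MinVersion: tls.VersionTLS12`) and reports a bad certificate or key synchronously before the goroutine is started; the signature is unchanged so the call site in `main` needs no edit. The `Net: "tcp-tls"` value is, as far as I can tell, what `ListenAndServeTLS` uses internally, so listening behaviour is otherwise the same. This needs `crypto/tls` in the import block, which is outside the hunk. A one-line doc comment such as `// listenAndServerTLS starts a DNS-over-TLS (tcp-tls) listener on address in a background goroutine; a failure to load the key pair or to bind is fatal.` would also help, since the plain `listenAndServer` it mirrors is undocumented in the visible lines.
```go
func listenAndServerTLS(server *dns.ServeMux, address, cert, key string) {
	// Load the key pair here so a bad path fails before the listener goroutine starts.
	pair, err := tls.LoadX509KeyPair(cert, key)
	if err != nil {
		log.Fatalf("Failed to load DoT certificate/key %s", err.Error())
	}
	srv := &dns.Server{
		Addr:    address,
		Net:     "tcp-tls",
		Handler: server,
		TLSConfig: &tls.Config{
			MinVersion:   tls.VersionTLS12,
			Certificates: []tls.Certificate{pair},
		},
	}
	go func() {
		if err := srv.ListenAndServe(); err != nil {
			log.Fatalf("Failed to set DoT listener %s", err.Error())
		}
	}()
}
```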
@@ -354,6 +370,12 @@ func main() {
 	listenAndServer(server, config.Address)
 
+	if config.TLS.Enable {
+		listenAndServerTLS(server, config.TLS.Address, config.TLS.Cert, config.TLS.Key)
+
+		log.Printf("Start listening on tcp %s for tls", config.TLS.Address)
+	}
+
 	log.Printf("Start listening on udp %s and tcp %s\n", config.Address, config.Address)
 
 	sig := make(chan os.Signal)